jasper-software / jasper

Official Repository for the JasPer Image Coding Toolkit
http://www.ece.uvic.ca/~mdadams/jasper

oss-fuzz issue 55515: graphicsmagick:coder_JPC_fuzzer: Timeout in coder_JPC_fuzzer #377

Closed bobfriesenhahn closed 4 months ago

bobfriesenhahn commented 4 months ago

Please see https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=55515&sort=reported%20-id&q=graphicsmagick&can=6 for a GraphicsMagick oss-fuzz issue in JasPer which was first detected on Jan 29, 2023, and is now open for public consumption.

mdadams commented 4 months ago

When you get fuzzer timeouts like this, please check to confirm that the issue is, in fact, caused by a bug in JasPer. You have often reported fuzzing timeouts, and I don't think that they have ever once corresponded to an actual bug in JasPer. I was able to process this file with JasPer on the master branch, and it terminated after about 50 seconds on my notebook (with ASan and other instrumentation enabled, which likely slows down the code a bit). In any case, there is no bug, since JasPer correctly handles the file. In the absence of any reproducer for incorrect behavior, I am assuming that there is no problem here.

bobfriesenhahn commented 4 months ago

I report such issues because oss-fuzz only allows 30 seconds.

Bob

On Mar 16, 2024, at 11:14 PM, Michael Adams wrote:

> When you get fuzzer timeouts like this, please check to confirm that the issue is, in fact, caused by a bug in JasPer. You have often reported fuzzing timeouts, and I don't think that they have ever once corresponded to an actual bug in JasPer. I was able to process this file with JasPer on the master branch, and it terminated after about 50 seconds on my notebook (with ASan and other instrumentation enabled, which likely slows down the code a bit). In any case, there is no bug, since JasPer correctly handles the file. In the absence of any reproducer for incorrect behavior, I am assuming that there is no problem here.


mdadams commented 3 months ago

My point is simply that, when a fuzzing test fails due to a timeout, you really ought to try running the test case manually yourself to confirm that a bug exists before filing a bug report against JasPer. You have filed numerous bug reports due to timeouts to date, and I don't think that any of them actually corresponded to real bugs. They were simply that the timeout was set too low. In the future, it would be very much appreciated if you could check if timeout bugs are real bugs before filing a bug report against JasPer.

bobfriesenhahn commented 3 months ago

I did run the test case manually myself. Why do you assume that I did not?

As I already mentioned, oss-fuzz imposes hard-coded limits that I have no control over. Reports such as this one are a service to you given otherwise you would be unaware that there appear to be bug reports against JasPer.

Bob

On 3/21/24 10:40, Michael Adams wrote:

> My point is simply that, when a fuzzing test fails due to a timeout, you really ought to try running the test case manually yourself to confirm that a bug exists before filing a bug report against JasPer. You have filed numerous bug reports due to timeouts to date, and I don't think that any of them actually corresponded to real bugs. They were simply that the timeout was set too low. In the future, it would be very much appreciated if you could check if timeout bugs are real bugs before filing a bug report against JasPer.


mdadams commented 3 months ago

If you ran the test to confirm that it actually hangs (i.e., never finishes in any finite amount of time), please state this clearly, and more importantly please provide detailed information about the exact circumstances under which the failure occurs because I cannot reproduce this problem. JasPer always finishes in a finite amount of time with the input codestream in question. It is slow, but this is reasonable for a codestream like this one.
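The check both participants describe (does the reproducer exceed the 30-second fuzzer limit but still finish, or does it never finish?) can be scripted. The following is an added example, not part of the thread and not JasPer or oss-fuzz code; the 600-second ceiling, the verdict names and the `triage` helper are assumptions, and the decoder command line is whatever you pass in.

```python
import subprocess
import sys
import time


def triage(cmd, fuzz_limit_s=30.0, ceiling_s=600.0):
    """Run a reproducer once and classify it by wall-clock time.

    fuzz_limit_s: the fuzzer's per-input limit (30 s per the thread).
    ceiling_s:    assumed upper bound after which we stop waiting; exceeding
                  it does not prove a hang, only that more analysis is needed.
    """
    start = time.monotonic()
    try:
        proc = subprocess.run(
            cmd,
            stdout=subprocess.DEVNULL,
            stderr=subprocess.DEVNULL,
            timeout=ceiling_s,  # child is killed when this expires
        )
    except subprocess.TimeoutExpired:
        return {"verdict": "no-termination-within-ceiling",
                "elapsed_s": time.monotonic() - start,
                "returncode": None}

    elapsed = time.monotonic() - start
    if proc.returncode < 0:
        # POSIX: negative return code means the process died on a signal.
        verdict = "crashed"
    elif elapsed > fuzz_limit_s:
        # Exceeds the fuzzer limit but terminates: a performance finding,
        # not a hang. Report it with the measured time.
        verdict = "slow-but-terminates"
    else:
        verdict = "within-fuzzer-limit"
    return {"verdict": verdict, "elapsed_s": elapsed,
            "returncode": proc.returncode}


if __name__ == "__main__":
    # Usage: python triage.py <decoder command and arguments...>
    if len(sys.argv) < 2:
        sys.exit("usage: triage.py CMD [ARGS...]")
    result = triage(sys.argv[1:])
    print("{verdict}: {elapsed_s:.1f}s (returncode={returncode})".format(**result))
```

Including the verdict, elapsed time and build configuration (for example, whether sanitizers were enabled) in the report gives the maintainer the detail requested in the last comment.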